Home and mobile working: common sense security advice

The current coronavirus crisis has pushed ‘home and mobile working’ onto the front pages.

Self-isolation is critically important as we work towards preventing the rapid spread of the virus. But how can we isolate ourselves from a different threat whilst working remotely or at home: the threat from cyber-attackers who are exploiting this unprecedented time to take advantage of weaker security practices to carry out their attacks?

Many organisations will not be prepared for the additional security risks that home and mobile working can bring. These include:

  • The loss or theft of any device or removable media containing sensitive company information which will open up new opportunities for attack
  • ‘Shoulder surfing’, where you may be overlooked by someone when you’re working in public, or your telephone calls may be listened in to
  • Lost or stolen devices that contain your user credentials (username, password or token) and can be used to compromise services or information stored in the device
  • Tampering where an attacker could insert malicious software or hardware on your device if it’s left unattended. This can result in inappropriate access to corporate networks and information
  • The physical risk of other members of your family gaining access to your devices and accidentally destroying or interfering with sensitive company information.

There are some simple and common-sense things we can all do to reduce these risks:

  • SECURE your device by setting a screen lock with a PIN, strong password or complex pattern
  • LOCK the screen on your laptop or device whenever you are not using it
  • STORE your device safely and make sure it’s not in public view
  • Make sure you have strong PASSWORDS for each device and never reveal them to others
  • Stay VIGILANT to the theft of devices through pickpocketing, snatching or burglary
  • HIDE laptops, tablets or phones from full view in unattended cars or bags in public
  • Ideally, keep devices away from FAMILY members – for example, there may be pressure from children to use work devices to access online school material or simply to use the internet.
  • REFAMILIARISE yourselves with your organisation’s policies on home and mobile working.

…and if you’re working on valuable and sensitive company information at home or remotely, then

  • AVOID using unsecured Wi-Fi hotspots
  • If available, ALWAYS use your company’s secure VPN (Virtual Private Network) for all internet use while out and about
  • Use software to allow the REMOTE LOCKING OR WIPING of a lost or stolen device
  • Use GPS-based features that allow you to locate the device if it’s stolen and then turned on
  • DO NOT STORE sensitive company information on devices and delete local copies when you have finished viewing them
  • Always use company devices in an ethical manner and comply with your organisation’s ACCEPTABLE USE POLICY.

Finally, we all need to make ourselves aware of what to do if any device is lost or stolen – early reporting is important and will help to minimise any risks to company data. We all must have the insight to know what to do next and the confidence to tell others quickly to minimise the threat your organisation might face.

Remember: Stop, Think and Be Safe


Nick Wilding

General Manager, Cyber Resilience, AXELOS and Head of RESILIA Frontline
90% of successful cyber-attacks succeed because of our human error. RESILIA Frontline is GCHQ certified online cyber awareness training for all employees. It’s easy to use and designed to help you quickly provide simple, practical advice to all your employees to help them protect your most valuable and sensitive information. RESILIA is part of AXELOS Global Best Practice, a joint venture between UK Government and Capita plc.